Events2Join

sensepost/ruler


o365-exchange-techniques - MISP galaxy

o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos

Offensive Security Tool: Ruler - A tool to abuse Exchange & Office ...

Offensive Security Tool: Ruler - A tool to abuse Exchange & Office 365 services Ruler by @Sensepost is a tool that allows you to interact ...

T1137 - Office Application Startup - Atomic Red Team

Microsoft Office is a fairly common application suite on Windows-based operating systems within an enterprise network. There are multiple ...

Hunting for bugs, catching dragons - Black Hat

MIME parsing. HTML / RTF. Pictures (GDI or Office stacks). Fonts. OLE Objects. Calendars, iCals, vCards, contacts. Attachments. TNEF, MAPI properties … Misc.

Password Spraying Outlook Web Access: Remote Shell

This lab looks at an attacking technique called password spraying as well as abusing Outlook Web Application by exploiting mail rules to get a remote shell ...

Rules Contributing to Potentially Malicious Windows Event Alerts

The following rules are used to identify suspicious activity with Windows events. This is a generic rule name. Any one or more of these will trigger ...

Ruler - Getting a shell with Forms - YouTube

A demo of how Ruler is able to create a custom form. This form is able to run custom VBScript and gain RCE when the email is ...

Ruler and Liniaal @ Troopers 17 | PPT | Free Download - SlideShare

Exploiting exchange accounts for persistent command and MAPI/RCP/OutlookAnywhere for control. Presented by Etienne Stalmans @ Troopers 2017

Hacking the Hacker: Assessing and Addressing Your Organization's ...

Victim tricked into executing “stager” trojan horse program, modifies host system. 2. After executing, it immediately downloads.

Check Your Email Rules for Maliciousness - KnowBe4 Blog

When was the last time your anti-malware program or vulnerability scanner warned you about a potentially malicious email rule, add-in, or ...

ATT&CK Technique T1137 – Mappings Explorer - GitHub Pages

T1137 Office Application Startup Mappings. Adversaries may leverage Microsoft Office-based applications for persistence between startups.

Detect and remediate the Outlook rules and custom forms injections ...

Tip. Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 ...

Breaching the External Network Perimeter with OSINT, Malicious ...

What is Open Source Intelligence (OSINT)? Open Source Intelligence (OSINT) is a process of gathering information about an entity in a passive.

MITRE ATT&CK Technique: Outlook Home Page - SECURITM

Adversaries may abuse Microsoft Outlook's Home Page feature to obtain persistence on a compromised system. Outlook Home Page is a legacy feature used to ...

Outlook Form/Rule attack cheat sheet - Nhat Truong Blog

A short write-up on the Outlook form/rule attack and how to use the ruler tool. The principle of this attack is that all rules, ...

README.md - Red Teaming Toolkit - GitLab

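A few months ago, Rahmat Nurfauzi, a security researcher from Jakarta, Indonesia, open-sourced a "Red Team security attack and defense tool list" on GitHub. Opening it today, I did not expect it to already have 4k+ stars ...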

O365 eDiscovery – using wildcards in email addresses

I have an issue with an e-discovery project. A customer insists on using their O365 Security & Compliance environment to do the search. At the same time t...

TR17 Ruler PDF | PDF | Computer Networking - Scribd

TR17_Ruler.pdf - Free download as PDF File (.pdf), Text File (.txt) or read online for free. This document provides an overview of using Microsoft Exchange ...

chg: [o365-exchange-techniques] Persistence kill-chain added (WiP)

misp-galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)

Attacking the Perimeter Blog: Amass, Subdomain Enumeration

Hackers depend considerably on open-source intelligence (OSINT) derived from publicly available information. In this post we use tesla.com ...